From dc301738b2959555585d46dd25de44e5add64004 Mon Sep 17 00:00:00 2001 From: Eivind Uggedal Date: Sat, 3 Jan 2015 14:56:34 +0000 Subject: [PATCH] nginx: patch out ALPN checks libressl-2.1.2 was released with the TLSEXT_TYPE_application_layer_protocol_negotiation define without an implementation of ALPN. --- .../patches/missing-libressl-alpn-impl.patch | 65 +++++++++++++++++++ srcpkgs/nginx/template | 1 - 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/nginx/patches/missing-libressl-alpn-impl.patch diff --git a/srcpkgs/nginx/patches/missing-libressl-alpn-impl.patch b/srcpkgs/nginx/patches/missing-libressl-alpn-impl.patch new file mode 100644 index 00000000000..a068e9d022b --- /dev/null +++ b/srcpkgs/nginx/patches/missing-libressl-alpn-impl.patch @@ -0,0 +1,65 @@ +diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c +index 206f58d2537b..7e1af83e345c 100644 +--- src/http/modules/ngx_http_ssl_module.c ++++ src/http/modules/ngx_http_ssl_module.c +@@ -20,7 +20,7 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, + #define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1" + + +-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation ++#if 0 + static int ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, + const unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, void *arg); +@@ -299,7 +299,7 @@ static ngx_http_variable_t ngx_http_ssl_vars[] = { + static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP"); + + +-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation ++#if 0 + + static int + ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out, +@@ -628,7 +628,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) + + #endif + +-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation ++#if 0 + SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_http_ssl_alpn_select, NULL); + #endif + +diff --git a/src/http/ngx_http.c b/src/http/ngx_http.c +index ce5adb7374a3..24f94128044b 100644 +--- src/http/ngx_http.c ++++ src/http/ngx_http.c +@@ -1350,7 +1350,7 @@ ngx_http_add_address(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf, + } + + #if (NGX_HTTP_SPDY && NGX_HTTP_SSL \ +- && !defined TLSEXT_TYPE_application_layer_protocol_negotiation \ ++ && !0 \ + && !defined TLSEXT_TYPE_next_proto_neg) + if (lsopt->spdy && lsopt->ssl) { + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, +diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c +index 845ada322e32..f4a1862e85b5 100644 +--- src/http/ngx_http_request.c ++++ src/http/ngx_http_request.c +@@ -764,14 +764,14 @@ ngx_http_ssl_handshake_handler(ngx_connection_t *c) + c->ssl->no_wait_shutdown = 1; + + #if (NGX_HTTP_SPDY \ +- && (defined TLSEXT_TYPE_application_layer_protocol_negotiation \ ++ && (0 \ + || defined TLSEXT_TYPE_next_proto_neg)) + { + unsigned int len; + const unsigned char *data; + static const ngx_str_t spdy = ngx_string(NGX_SPDY_NPN_NEGOTIATED); + +-#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation ++#if 0 + SSL_get0_alpn_selected(c->ssl->connection, &data, &len); + + #ifdef TLSEXT_TYPE_next_proto_neg diff --git a/srcpkgs/nginx/template b/srcpkgs/nginx/template index 38ceca96e97..28600dd81b1 100644 --- a/srcpkgs/nginx/template +++ b/srcpkgs/nginx/template @@ -30,7 +30,6 @@ homepage="http://nginx.org" update_ignore="*.[13579].*" distfiles="http://nginx.org/download/nginx-$version.tar.gz" checksum=b5608c2959d3e7ad09b20fc8f9e5bd4bc87b3bc8ba5936a513c04ed8f1391a18 -broken=yes build_options="systemd" replaces="runit-void<20141013_2"